Subway has allegedly suffered a data breach at the hands of none other than the notorious LockBit ransomware gang.
According to The Register, the ransomwareasaservice provider added the sandwich makers to its data leak site earlier this week after one of its affiliates made away with gigabytes of sensitive data.
“We exfiltrated their SUBS internal system which includes hundreds of gigabytes of data and all financial [aspects] of the franchise, including employee salaries, franchise royalty payments, master franchise commission payments, restaurant turnovers etc,” LockBit stated. “We are giving some time for them to come and protect this data, if no[t], we are open to sell to competitors.”
In other words, demands were sent Subway’s way, and the affiliate that breached it is now waiting for a response.
At the same time, Subway is giving everyone the silent treatment. Maybe the company tried to keep the news quiet, and maybe it wasn’t even aware of the attack until LockBit boasted about it.
“The biggest sandwich chain is pretending that nothing happened,” the group apparently said.
Subway has allegedly told media sources it is investigating the claims of the breach. If you were wondering how it could be possible that a company wasn’t aware of a ransomware attack (given its disruptive potential) hackers have started skipping the encryption part and moving straight to the part where they steal the data.